Hackers Only Need Your Number To Know Everything About You

This post is also available in: עברית (Hebrew)

A vulnerability in cellular communication systems demonstrated in 2014 is still unpatched, allowing hackers to track your location, read your SMS messages, and record your phonecalls. To do so, all a hacker needs is your phone number.

The hack was first demonstrated by German security researcher Karsten Nohl and relies on a practically ancient set of telephony protocols called Signalling System No 7. SS7 which was developed in 1975 and is an international standard in telephony, now used to “broker between mobile phone networks,” The Guardian reports.

SS7 is operating in the background to facilitate communication between different mobile networks, translating phone numbers, transmitting SMS messages, tracking billing information, etc. The protocol is poorly protected, and this allows a hacker to perform quite a lot of things they shouldn’t be able to and all with very little effort.

Once inside the SS7 network, all an attacker needs is a person’s phone number to read a person’s text messages; log, record, and listen into their calls; and even track their location “based on mobile phone mast triangulation.”

There is nothing an individual can do to prevent this.

“The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer,” Nohl explained.

Nohl is currently performing vulnerability analysis on the protocol for several international mobile carriers, but gave no estimation on when the vulnerability would be patched.